dave/site
1
0
Fork 0
mirror of https://github.com/davegallant/davegallant.github.io.git synced 2025-08-06 08:43:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update pygments

Browse Source
This commit is contained in:
Dave Gallant
2023-03-25 18:05:59 -04:00
parent 7b6eb962df
commit cc92882748
7 changed files with 353 additions and 320 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config.yaml
View File

@@ -5,7 +5,7 @@ googleAnalytics: UA-98710982-2
copyright: Dave Gallant
preserveTaxonomyNames: true
pygmentsstyle: "monokai"
pygmentscodefences: true
pygmentscodefences: false
pygmentscodefencesguesssyntax: true
theme: archie
title: davegallant

2
content/post/watching-youtube-in-private.md
View File

@@ -38,7 +38,7 @@ I recently stumbled upon [yewtu.be](https://yewtu.be) and found it intriguing. I
![requestly](/images/watching-youtube-in-private/computerphile.png)
This layout is simple, and **JavaScript is not required**.
The layout is simple, and **JavaScript is not required**.
I started using [yewtu.be](https://yewtu.be) as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It's also nice to be in control of my search and watch history.

144
public/blog/2020/03/16/appgate-sdp-on-arch-linux/index.html
View File

@@ -105,81 +105,93 @@ As of right now, the latest AUR is <code>4.2.2-1</code>.</p>
<p>These steps highlight how to get it working with <code>Python3.8</code> by making a 1 line modification to AppGate source code.</p>
<h1 id="packaging">Packaging</h1>
<p>We already know the community package is currently out of date, so let&rsquo;s clone it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>git clone https://aur.archlinux.org/appgate-sdp.git
</span></span><span style="display:flex;"><span>cd appgate-sdp
</span></span></code></pre></div><p>You&rsquo;ll likely notice that the version is not what we want, so let&rsquo;s modify the <code>PKGBUILD</code> to the following:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#75715e"># Maintainer: Pawel Mosakowski &lt;pawel at mosakowski dot net&gt;</span>
</span></span><span style="display:flex;"><span>pkgname<span style="color:#f92672">=</span>appgate-sdp
</span></span><span style="display:flex;"><span>conflicts<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;appgate-sdp-headless&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>pkgver<span style="color:#f92672">=</span>4.3.2
</span></span><span style="display:flex;"><span>_download_pkgver<span style="color:#f92672">=</span>4.3
</span></span><span style="display:flex;"><span>pkgrel<span style="color:#f92672">=</span><span style="color:#ae81ff">1</span>
</span></span><span style="display:flex;"><span>epoch<span style="color:#f92672">=</span>
</span></span><span style="display:flex;"><span>pkgdesc<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;Software Defined Perimeter - GUI client&#34;</span>
</span></span><span style="display:flex;"><span>arch<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;x86_64&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>url<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;https://www.cyxtera.com/essential-defense/appgate-sdp/support&#34;</span>
</span></span><span style="display:flex;"><span>license<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;custom&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span><span style="color:#75715e"># dependecies calculated by namcap</span>
</span></span><span style="display:flex;"><span>depends<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;gconf&#39;</span> <span style="color:#e6db74">&#39;libsecret&#39;</span> <span style="color:#e6db74">&#39;gtk3&#39;</span> <span style="color:#e6db74">&#39;python&#39;</span> <span style="color:#e6db74">&#39;nss&#39;</span> <span style="color:#e6db74">&#39;libxss&#39;</span> <span style="color:#e6db74">&#39;nodejs&#39;</span> <span style="color:#e6db74">&#39;dnsmasq&#39;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>source<span style="color:#f92672">=(</span><span style="color:#e6db74">&#34;https://sdpdownloads.cyxtera.com/AppGate-SDP-</span><span style="color:#e6db74">${</span>_download_pkgver<span style="color:#e6db74">}</span><span style="color:#e6db74">/clients/</span><span style="color:#e6db74">${</span>pkgname<span style="color:#e6db74">}</span><span style="color:#e6db74">_</span><span style="color:#e6db74">${</span>pkgver<span style="color:#e6db74">}</span><span style="color:#e6db74">_amd64.deb&#34;</span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;appgatedriver.service&#34;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>options<span style="color:#f92672">=(</span>staticlibs<span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span>prepare<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span> tar -xf data.tar.xz
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>package<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span> cp -dpr <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>srcdir<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span>/<span style="color:#f92672">{</span>etc,lib,opt,usr<span style="color:#f92672">}</span> <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>pkgdir<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span>
</span></span><span style="display:flex;"><span> mv -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/lib/systemd/system&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/lib/systemd/&#34;</span>
</span></span><span style="display:flex;"><span> rm -vrf <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/lib&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$srcdir<span style="color:#e6db74">/appgatedriver.service&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/lib/systemd/system/appgatedriver.service&#34;</span>
</span></span><span style="display:flex;"><span> mkdir -vp <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/doc/appgate/copyright&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/doc/appgate/LICENSE.github&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span> cp -v <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/doc/appgate/LICENSES.chromium.html.bz2&#34;</span> <span style="color:#e6db74">&#34;</span>$pkgdir<span style="color:#e6db74">/usr/share/licenses/appgate-sdp&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>md5sums<span style="color:#f92672">=(</span><span style="color:#e6db74">&#39;17101aac7623c06d5fbb95f50cf3dbdc&#39;</span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;002644116e20b2d79fdb36b7677ab4cf&#39;</span><span style="color:#f92672">)</span>
</span></span></code></pre></div><p>Let&rsquo;s first make sure we have some dependencies. If you do not have <a href="https://github.com/Jguer/yay">yay</a>, check it out.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>yay -S dnsmasq gconf
</span></span></code></pre></div><p>Now, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>makepkg -si
</span></span></code></pre></div><h1 id="running-the-client">Running the client</h1>
<pre><code class="language-shell">git clone https://aur.archlinux.org/appgate-sdp.git
cd appgate-sdp
</code></pre>
<p>You&rsquo;ll likely notice that the version is not what we want, so let&rsquo;s modify the <code>PKGBUILD</code> to the following:</p>
<pre><code class="language-shell"># Maintainer: Pawel Mosakowski &lt;pawel at mosakowski dot net&gt;
pkgname=appgate-sdp
conflicts=('appgate-sdp-headless')
pkgver=4.3.2
_download_pkgver=4.3
pkgrel=1
epoch=
pkgdesc=&quot;Software Defined Perimeter - GUI client&quot;
arch=('x86_64')
url=&quot;https://www.cyxtera.com/essential-defense/appgate-sdp/support&quot;
license=('custom')
# dependecies calculated by namcap
depends=('gconf' 'libsecret' 'gtk3' 'python' 'nss' 'libxss' 'nodejs' 'dnsmasq')
source=(&quot;https://sdpdownloads.cyxtera.com/AppGate-SDP-${_download_pkgver}/clients/${pkgname}_${pkgver}_amd64.deb&quot;
&quot;appgatedriver.service&quot;)
options=(staticlibs)
prepare() {
tar -xf data.tar.xz
}
package() {
cp -dpr &quot;${srcdir}&quot;/{etc,lib,opt,usr} &quot;${pkgdir}&quot;
mv -v &quot;$pkgdir/lib/systemd/system&quot; &quot;$pkgdir/usr/lib/systemd/&quot;
rm -vrf &quot;$pkgdir/lib&quot;
cp -v &quot;$srcdir/appgatedriver.service&quot; &quot;$pkgdir/usr/lib/systemd/system/appgatedriver.service&quot;
mkdir -vp &quot;$pkgdir/usr/share/licenses/appgate-sdp&quot;
cp -v &quot;$pkgdir/usr/share/doc/appgate/copyright&quot; &quot;$pkgdir/usr/share/licenses/appgate-sdp&quot;
cp -v &quot;$pkgdir/usr/share/doc/appgate/LICENSE.github&quot; &quot;$pkgdir/usr/share/licenses/appgate-sdp&quot;
cp -v &quot;$pkgdir/usr/share/doc/appgate/LICENSES.chromium.html.bz2&quot; &quot;$pkgdir/usr/share/licenses/appgate-sdp&quot;
}
md5sums=('17101aac7623c06d5fbb95f50cf3dbdc'
'002644116e20b2d79fdb36b7677ab4cf')
</code></pre>
<p>Let&rsquo;s first make sure we have some dependencies. If you do not have <a href="https://github.com/Jguer/yay">yay</a>, check it out.</p>
<pre><code class="language-shell">yay -S dnsmasq gconf
</code></pre>
<p>Now, let&rsquo;s install it:</p>
<pre><code class="language-shell">makepkg -si
</code></pre>
<h1 id="running-the-client">Running the client</h1>
<p>Ok, let&rsquo;s run the client by executing <code>appgate</code>.</p>
<p>It complains about not being able to connect.</p>
<p>Easy fix:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo systemctl start appgatedriver.service
</span></span></code></pre></div><p>Now we should be connected&hellip; but DNS is not working?</p>
<pre><code class="language-shell">sudo systemctl start appgatedriver.service
</code></pre>
<p>Now we should be connected&hellip; but DNS is not working?</p>
<h1 id="fixing-the-dns">Fixing the DNS</h1>
<p>Running <code>resolvectl</code> should display that something is not right.</p>
<p>Why is the DNS not being set by appgate?</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ head -3 /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span><span style="color:#75715e">#!/usr/bin/env python3</span>
</span></span><span style="display:flex;"><span><span style="color:#e6db74">&#39;&#39;</span><span style="color:#960050;background-color:#1e0010">&#39;</span>
</span></span><span style="display:flex;"><span>This is used to set and unset the DNS.
</span></span></code></pre></div><p>It seems like python3 is required for the DNS setting to happen.
<pre><code class="language-shell">$ head -3 /opt/appgate/linux/set_dns
#!/usr/bin/env python3
'''
This is used to set and unset the DNS.
</code></pre>
<p>It seems like python3 is required for the DNS setting to happen.
Let&rsquo;s try to run it.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span>/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#e6db74">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#e6db74">&#34;==&#34;</span>?
</span></span><span style="display:flex;"><span> servers <span style="color:#f92672">=</span> <span style="color:#f92672">[(</span> socket.AF_INET <span style="color:#66d9ef">if</span> x.version is <span style="color:#ae81ff">4</span> <span style="color:#66d9ef">else</span> socket.AF_INET6, map<span style="color:#f92672">(</span>int, x.packed<span style="color:#f92672">))</span> <span style="color:#66d9ef">for</span> x in servers<span style="color:#f92672">]</span>
</span></span><span style="display:flex;"><span>Traceback <span style="color:#f92672">(</span>most recent call last<span style="color:#f92672">)</span>:
</span></span><span style="display:flex;"><span> File <span style="color:#e6db74">&#34;/opt/appgate/linux/set_dns&#34;</span>, line 30, in &lt;module&gt;
</span></span><span style="display:flex;"><span> import dbus
</span></span><span style="display:flex;"><span>ModuleNotFoundError: No module named <span style="color:#e6db74">&#39;dbus&#39;</span>
</span></span></code></pre></div><p>Ok, let&rsquo;s install it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo python3.8 -m pip install dbus-python
</span></span></code></pre></div><p>Will it work now? Not yet. There&rsquo;s another issue:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo /opt/appgate/linux/set_dns
</span></span><span style="display:flex;"><span>/opt/appgate/linux/set_dns:88: SyntaxWarning: <span style="color:#e6db74">&#34;is&#34;</span> with a literal. Did you mean <span style="color:#e6db74">&#34;==&#34;</span>?
</span></span><span style="display:flex;"><span> servers <span style="color:#f92672">=</span> <span style="color:#f92672">[(</span> socket.AF_INET <span style="color:#66d9ef">if</span> x.version is <span style="color:#ae81ff">4</span> <span style="color:#66d9ef">else</span> socket.AF_INET6, map<span style="color:#f92672">(</span>int, x.packed<span style="color:#f92672">))</span> <span style="color:#66d9ef">for</span> x in servers<span style="color:#f92672">]</span>
</span></span><span style="display:flex;"><span>module <span style="color:#e6db74">&#39;platform&#39;</span> has no attribute <span style="color:#e6db74">&#39;linux_distribution&#39;</span>
</span></span></code></pre></div><p>This is a breaking change in Python3.8.</p>
<pre><code class="language-shell">$ sudo /opt/appgate/linux/set_dns
/opt/appgate/linux/set_dns:88: SyntaxWarning: &quot;is&quot; with a literal. Did you mean &quot;==&quot;?
servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
Traceback (most recent call last):
File &quot;/opt/appgate/linux/set_dns&quot;, line 30, in &lt;module&gt;
import dbus
ModuleNotFoundError: No module named 'dbus'
</code></pre>
<p>Ok, let&rsquo;s install it:</p>
<pre><code class="language-shell">$ sudo python3.8 -m pip install dbus-python
</code></pre>
<p>Will it work now? Not yet. There&rsquo;s another issue:</p>
<pre><code class="language-shell">$ sudo /opt/appgate/linux/set_dns
/opt/appgate/linux/set_dns:88: SyntaxWarning: &quot;is&quot; with a literal. Did you mean &quot;==&quot;?
servers = [( socket.AF_INET if x.version is 4 else socket.AF_INET6, map(int, x.packed)) for x in servers]
module 'platform' has no attribute 'linux_distribution'
</code></pre>
<p>This is a breaking change in Python3.8.</p>
<p>So what is calling <code>platform.linux_distribution</code>?</p>
<p>Let&rsquo;s search for it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ sudo grep -r <span style="color:#e6db74">&#39;linux_distribution&#39;</span> /opt/appgate/linux/
</span></span><span style="display:flex;"><span>/opt/appgate/linux/nm.py: <span style="color:#66d9ef">if</span> platform.linux_distribution<span style="color:#f92672">()[</span>0<span style="color:#f92672">]</span> !<span style="color:#f92672">=</span> <span style="color:#e6db74">&#39;Fedora&#39;</span>:
</span></span></code></pre></div><p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let&rsquo;s just replace this line with:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-python" data-lang="python"><span style="display:flex;"><span><span style="color:#66d9ef">if</span> <span style="color:#66d9ef">True</span>: <span style="color:#75715e"># Since we are not using Fedora :)</span>
</span></span></code></pre></div><h1 id="wrapping-up">Wrapping up</h1>
<pre><code class="language-shell">$ sudo grep -r 'linux_distribution' /opt/appgate/linux/
/opt/appgate/linux/nm.py: if platform.linux_distribution()[0] != 'Fedora':
</code></pre>
<p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let&rsquo;s just replace this line with:</p>
<pre><code class="language-python">if True: # Since we are not using Fedora :)
</code></pre>
<h1 id="wrapping-up">Wrapping up</h1>
<p>It turns out there are <a href="https://docs.python.org/3.7/library/platform.html#platform.linux_distribution">breaking changes</a> in Python3.8.</p>
<p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p>
<p>I suppose this highlights one of the caveats of relying upon the system&rsquo;s python, rather than having an isolated, dedicated environment for all dependencies.</p></section>

231
public/blog/2021/09/08/why-i-threw-out-my-dotfiles/index.html
View File

@@ -103,9 +103,10 @@
<h2 id="what-is-home-manager">What is home-manager?<a href="#what-is-home-manager" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Before understanding home-manager, it is worth briefly discussing what nix is. <a href="https://nixos.org/">nix</a> is a package manager that originally spawned from a <a href="https://edolstra.github.io/pubs/phd-thesis.pdf">PhD thesis</a>. Unlike other package managers, it uses symbolic links to keep track of the currently installed packages, keeping around the old ones in case you may want to rollback.</p>
<p>For example, I have used nix to install the package <a href="https://search.nixos.org/packages?channel=unstable&amp;show=bind&amp;from=0&amp;size=50&amp;sort=relevance&amp;type=packages&amp;query=bind">bind</a> which includes <code>dig</code>. You can see that it is available on multiple platforms. The absolute path of <code>dig</code> can be found by running:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span>$ ls -lh <span style="color:#66d9ef">$(</span>which dig<span style="color:#66d9ef">)</span>
</span></span><span style="display:flex;"><span>lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -&gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
</span></span></code></pre></div><p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href="https://nixos.org/guides/nix-pills/nix-store-paths.html">nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<pre><code class="language-console">$ ls -lh $(which dig)
lrwxr-xr-x 73 root 31 Dec 1969 /run/current-system/sw/bin/dig -&gt; /nix/store/0r4qdyprljd3dki57jn6c6a8dh2rbg9g-bind-9.16.16-dnsutils/bin/dig
</code></pre>
<p>Notice that there is a hash included in the file path? This is a nix store path and is computed by the nix package manager. This <a href="https://nixos.org/guides/nix-pills/nix-store-paths.html">nix pill</a> does a good job explaining how this hash is computed. All of the nix pills are worth a read, if you are interested in learning more about nix itself. However, using home-manager does not require extensive knowledge of nix.</p>
<p>Part of the nix ecosystem includes <a href="https://github.com/NixOS/nixpkgs">nixpkgs</a>. Many popular tools can be found already packaged in this repository. As you can see with these <a href="https://repology.org/repositories/statistics/total">stats</a>, there is a large number of existing packages that are being maintained by the community. Contributing a new package is easy, and anyone can do it!</p>
<p>home-manager leverages the nix package manager (and nixpkgs), as well the nix language so that you can declaratively define your system configuration. I store my <a href="https://github.com/davegallant/nix-config">nix-config</a> in git so that I can keep track of my packages and configurations, and retain a clean and informative git commit history so that I can understand what changed and why.</p>
<h2 id="setting-up-home-manager">Setting up home-manager<a href="#setting-up-home-manager" class="hanchor" ariaLabel="Anchor">#</a></h2>
@@ -113,119 +114,123 @@
<p>⚠️ If you run this on your main machine, make sure you backup your configuration files first. home-manager is pretty good about not overwriting existing configuration, but it is better to have a backup! Alternatively, you could test this out on a VM or cloud instance.</p>
</blockquote>
<p>The first thing you should do is <a href="https://nixos.org/guides/install-nix.html">install nix</a>:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>curl -L https://nixos.org/nix/install | sh
</span></span></code></pre></div><p>It&rsquo;s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!</p>
<pre><code class="language-shell">curl -L https://nixos.org/nix/install | sh
</code></pre>
<p>It&rsquo;s generally not a good idea to curl and execute files from the internet (without verifying integrity), so you might want to download the install script first and take a look before executing it!</p>
<p>Open up a new shell in your terminal and running <code>nix</code> <em>should</em> work. If not, run <code>. ~/.nix-profile/etc/profile.d/nix.sh</code></p>
<p>Now, <a href="https://github.com/nix-community/home-manager#installation">install home-manager</a>:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
</span></span><span style="display:flex;"><span>nix-channel --update
</span></span><span style="display:flex;"><span>nix-shell <span style="color:#e6db74">&#39;&lt;home-manager&gt;&#39;</span> -A install
</span></span></code></pre></div><p>You should see a wave of <code>/nix/store/*</code> paths being displayed on your screen.</p>
<pre><code class="language-shell">nix-channel --add https://github.com/nix-community/home-manager/archive/master.tar.gz home-manager
nix-channel --update
nix-shell '&lt;home-manager&gt;' -A install
</code></pre>
<p>You should see a wave of <code>/nix/store/*</code> paths being displayed on your screen.</p>
<p>Now, to start off with a basic configuration, open up <code>~/.config/nixpkgs/home.nix</code> in the editor of your choice and paste this in (you will want to change <code>userName</code> and <code>homeDirectory</code>):</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nix" data-lang="nix"><span style="display:flex;"><span>{ config<span style="color:#f92672">,</span> pkgs<span style="color:#f92672">,</span> <span style="color:#f92672">...</span> }:
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>{
</span></span><span style="display:flex;"><span> programs<span style="color:#f92672">.</span>home-manager<span style="color:#f92672">.</span>enable <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> home <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> username <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;dave&#34;</span>;
</span></span><span style="display:flex;"><span> homeDirectory <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;/home/dave&#34;</span>;
</span></span><span style="display:flex;"><span> stateVersion <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;21.11&#34;</span>;
</span></span><span style="display:flex;"><span> packages <span style="color:#f92672">=</span> <span style="color:#66d9ef">with</span> pkgs; [
</span></span><span style="display:flex;"><span> bind
</span></span><span style="display:flex;"><span> exa
</span></span><span style="display:flex;"><span> fd
</span></span><span style="display:flex;"><span> ripgrep
</span></span><span style="display:flex;"><span> ];
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> programs <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> git <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span> aliases <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> aa <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;add -A .&#34;</span>;
</span></span><span style="display:flex;"><span> br <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;branch&#34;</span>;
</span></span><span style="display:flex;"><span> c <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;commit -S&#34;</span>;
</span></span><span style="display:flex;"><span> ca <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;commit -S --amend&#34;</span>;
</span></span><span style="display:flex;"><span> cb <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;checkout -b&#34;</span>;
</span></span><span style="display:flex;"><span> co <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;checkout&#34;</span>;
</span></span><span style="display:flex;"><span> d <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;diff&#34;</span>;
</span></span><span style="display:flex;"><span> l <span style="color:#f92672">=</span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;log --graph --pretty=format:&#39;%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)&lt;%an&gt;%Creset&#39; --abbrev-commit&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> delta <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> options <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> features <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;line-numbers decorations&#34;</span>;
</span></span><span style="display:flex;"><span> whitespace-error-style <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;22 reverse&#34;</span>;
</span></span><span style="display:flex;"><span> plus-style <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;green bold ul &#39;#198214&#39;&#34;</span>;
</span></span><span style="display:flex;"><span> decorations <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> commit-decoration-style <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;bold yellow box ul&#34;</span>;
</span></span><span style="display:flex;"><span> file-style <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;bold yellow ul&#34;</span>;
</span></span><span style="display:flex;"><span> file-decoration-style <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;none&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> extraConfig <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> push <span style="color:#f92672">=</span> { default <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;current&#34;</span>; };
</span></span><span style="display:flex;"><span> pull <span style="color:#f92672">=</span> { rebase <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>; };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> starship <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span> enableZshIntegration <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> settings <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> add_newline <span style="color:#f92672">=</span> <span style="color:#66d9ef">false</span>;
</span></span><span style="display:flex;"><span> scan_timeout <span style="color:#f92672">=</span> <span style="color:#ae81ff">10</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> zsh <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span> enableAutosuggestions <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span> enableSyntaxHighlighting <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span> history<span style="color:#f92672">.</span>size <span style="color:#f92672">=</span> <span style="color:#ae81ff">1000000</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> localVariables <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> CASE_SENSITIVE <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;true&#34;</span>;
</span></span><span style="display:flex;"><span> DISABLE_UNTRACKED_FILES_DIRTY <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;true&#34;</span>;
</span></span><span style="display:flex;"><span> RPROMPT <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;&#34;</span>; <span style="color:#75715e"># override because macOS defaults to filepath</span>
</span></span><span style="display:flex;"><span> ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;fg=#838383,underline&#34;</span>;
</span></span><span style="display:flex;"><span> ZSH_DISABLE_COMPFIX <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;true&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> initExtra <span style="color:#f92672">=</span> <span style="color:#e6db74">&#39;&#39;
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> export PAGER=less
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> &#39;&#39;</span>;
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> shellAliases <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;..&#34;</span> <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;cd ..&#34;</span>;
</span></span><span style="display:flex;"><span> grep <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;rg --smart-case&#34;</span>;
</span></span><span style="display:flex;"><span> ls <span style="color:#f92672">=</span> <span style="color:#e6db74">&#34;exa -la --git&#34;</span>;
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;oh-my-zsh&#34;</span> <span style="color:#f92672">=</span> {
</span></span><span style="display:flex;"><span> enable <span style="color:#f92672">=</span> <span style="color:#66d9ef">true</span>;
</span></span><span style="display:flex;"><span> plugins <span style="color:#f92672">=</span> [
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;gitfast&#34;</span>
</span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#34;last-working-dir&#34;</span>
</span></span><span style="display:flex;"><span> ];
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> };
</span></span><span style="display:flex;"><span>}
</span></span></code></pre></div><p>Save the file and run:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>home-manager switch
</span></span></code></pre></div><p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p>
<pre><code class="language-nix">{ config, pkgs, ... }:
{
programs.home-manager.enable = true;
home = {
username = &quot;dave&quot;;
homeDirectory = &quot;/home/dave&quot;;
stateVersion = &quot;21.11&quot;;
packages = with pkgs; [
bind
exa
fd
ripgrep
];
};
programs = {
git = {
enable = true;
aliases = {
aa = &quot;add -A .&quot;;
br = &quot;branch&quot;;
c = &quot;commit -S&quot;;
ca = &quot;commit -S --amend&quot;;
cb = &quot;checkout -b&quot;;
co = &quot;checkout&quot;;
d = &quot;diff&quot;;
l =
&quot;log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)&lt;%an&gt;%Creset' --abbrev-commit&quot;;
};
delta = {
enable = true;
options = {
features = &quot;line-numbers decorations&quot;;
whitespace-error-style = &quot;22 reverse&quot;;
plus-style = &quot;green bold ul '#198214'&quot;;
decorations = {
commit-decoration-style = &quot;bold yellow box ul&quot;;
file-style = &quot;bold yellow ul&quot;;
file-decoration-style = &quot;none&quot;;
};
};
};
extraConfig = {
push = { default = &quot;current&quot;; };
pull = { rebase = true; };
};
};
starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = false;
scan_timeout = 10;
};
};
zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
history.size = 1000000;
localVariables = {
CASE_SENSITIVE = &quot;true&quot;;
DISABLE_UNTRACKED_FILES_DIRTY = &quot;true&quot;;
RPROMPT = &quot;&quot;; # override because macOS defaults to filepath
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = &quot;fg=#838383,underline&quot;;
ZSH_DISABLE_COMPFIX = &quot;true&quot;;
};
initExtra = ''
export PAGER=less
'';
shellAliases = {
&quot;..&quot; = &quot;cd ..&quot;;
grep = &quot;rg --smart-case&quot;;
ls = &quot;exa -la --git&quot;;
};
&quot;oh-my-zsh&quot; = {
enable = true;
plugins = [
&quot;gitfast&quot;
&quot;last-working-dir&quot;
];
};
};
};
}
</code></pre>
<p>Save the file and run:</p>
<pre><code>home-manager switch
</code></pre>
<p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p>
<p>If you run <code>zsh</code>, you should see that you have <a href="https://starship.rs/">starship</a> and access to several other utils such as <code>rg</code>, <code>fd</code>, and <code>exa</code>.</p>
<p>This basic configuration above is also defining your <code>~/.config/git/config</code> and <code>.zshrc</code>. If you already have either of these files, home-manager will complain about them already existing.</p>
<p>If you run <code>cat ~/.zshrc</code>, you will see the way these configuration files are generated.</p>

109
public/blog/2021/10/11/replacing-docker-with-podman-on-macos-and-linux/index.html
View File

@@ -114,65 +114,74 @@
<p>I&rsquo;ve also observed that so far my 2019 16&quot; Macbook Pro hasn&rsquo;t sounded like a jet engine, although I haven&rsquo;t performed any disk-intensive operations yet.</p>
<h3 id="installing-podman">Installing Podman<a href="#installing-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Running Podman on macOS is more involved than on Linux, because the podman-machine must run Linux inside of a virtual machine. Fortunately, the installation is made simple with <a href="https://formulae.brew.sh/formula/podman">brew</a> (read <a href="https://podman.io/getting-started/installation#linux-distributions">this</a> if you&rsquo;re installing Podman on Linux):</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>brew install podman
</span></span></code></pre></div><p>The podman-machine must be started:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#75715e"># This is not necessary on Linux</span>
</span></span><span style="display:flex;"><span>podman machine init
</span></span><span style="display:flex;"><span>podman machine start
</span></span></code></pre></div><h3 id="running-a-container">Running a container<a href="#running-a-container" class="hanchor" ariaLabel="Anchor">#</a></h3>
<pre><code class="language-sh">brew install podman
</code></pre>
<p>The podman-machine must be started:</p>
<pre><code class="language-sh"># This is not necessary on Linux
podman machine init
podman machine start
</code></pre>
<h3 id="running-a-container">Running a container<a href="#running-a-container" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Let&rsquo;s try to pull an image:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span>$ podman pull alpine
</span></span><span style="display:flex;"><span>Trying to pull docker.io/library/alpine:latest...
</span></span><span style="display:flex;"><span>Getting image source signatures
</span></span><span style="display:flex;"><span>Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
</span></span><span style="display:flex;"><span>Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span></span><span style="display:flex;"><span>Writing manifest to image destination
</span></span><span style="display:flex;"><span>Storing signatures
</span></span><span style="display:flex;"><span>14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</span></span></code></pre></div><blockquote>
<pre><code class="language-console">$ podman pull alpine
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:a0d0a0d46f8b52473982a3c466318f479767577551a53ffc9074c9fa7035982e
Copying config sha256:14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
Writing manifest to image destination
Storing signatures
14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab
</code></pre>
<blockquote>
<p>If you&rsquo;re having an issue pulling images, you may need to remove <code>~/.docker/config.json</code> or remove the set of auths in the configuration as mentioned <a href="https://stackoverflow.com/a/69121873/1191286">here</a>.</p>
</blockquote>
<p>and then run and exec into the container:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span>$ podman run --rm -ti alpine
</span></span><span style="display:flex;"><span>Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network &#34;podman&#34;: unexpected end of JSON input
</span></span></code></pre></div><p>What does this error mean? A bit of searching lead to <a href="https://github.com/containers/podman/issues/11837">this github issue</a>.</p>
<pre><code class="language-console">$ podman run --rm -ti alpine
Error: error preparing container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b for attach: error configuring network namespace for container 99ace1ef8a78118e178372d91fd182e8166c399fbebe0f676af59fbf32ce205b: error adding pod unruffled_bohr_unruffled_bohr to CNI network &quot;podman&quot;: unexpected end of JSON input
</code></pre>
<p>What does this error mean? A bit of searching lead to <a href="https://github.com/containers/podman/issues/11837">this github issue</a>.</p>
<p>Until the fix is released, a workaround is to just specify a port (even when it&rsquo;s not needed):</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>podman run -p <span style="color:#ae81ff">4242</span> --rm -ti alpine
</span></span></code></pre></div><p>If you&rsquo;re reading this from the future, there is a good chance specifying a port won&rsquo;t be needed.</p>
<pre><code class="language-sh">podman run -p 4242 --rm -ti alpine
</code></pre>
<p>If you&rsquo;re reading this from the future, there is a good chance specifying a port won&rsquo;t be needed.</p>
<p>Another example of running a container with Podman can be found in the <a href="https://jellyfin.org/docs/general/administration/installing.html#podman">Jellyfin Documentation</a>.</p>
<h3 id="aliasing-docker-with-podman">Aliasing docker with podman<a href="#aliasing-docker-with-podman" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Force of habit (or other scripts) may have you calling <code>docker</code>. To work around this:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>alias docker<span style="color:#f92672">=</span>podman
</span></span></code></pre></div><h3 id="podman-compose">podman-compose<a href="#podman-compose" class="hanchor" ariaLabel="Anchor">#</a></h3>
<pre><code class="language-sh">alias docker=podman
</code></pre>
<h3 id="podman-compose">podman-compose<a href="#podman-compose" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>You may be wondering: what about docker-compose? Well, there <em>claims</em> to be a drop-in replacement for it: <a href="https://github.com/containers/podman-compose">podman-compose</a>.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>pip3 install --user podman-compose
</span></span></code></pre></div><p>Now let&rsquo;s create a <code>docker-compose.yml</code> file to test:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cat <span style="color:#e6db74">&lt;&lt; EOF &gt;&gt; docker-compose.yml
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">version: &#39;2&#39;
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">services:
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> hello_world:
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> image: ubuntu
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> command: [/bin/echo, &#39;Hello world&#39;]
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">EOF</span>
</span></span></code></pre></div><p>Now run:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span>$ podman-compose up
</span></span><span style="display:flex;"><span>podman pod create --name=davegallant.github.io --share net
</span></span><span style="display:flex;"><span>40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
</span></span><span style="display:flex;"><span>0
</span></span><span style="display:flex;"><span>podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
</span></span><span style="display:flex;"><span>Resolved &#34;ubuntu&#34; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
</span></span><span style="display:flex;"><span>Trying to pull docker.io/library/ubuntu:latest...
</span></span><span style="display:flex;"><span>Getting image source signatures
</span></span><span style="display:flex;"><span>Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span></span><span style="display:flex;"><span>Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
</span></span><span style="display:flex;"><span>Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
</span></span><span style="display:flex;"><span>Writing manifest to image destination
</span></span><span style="display:flex;"><span>Storing signatures
</span></span><span style="display:flex;"><span>1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
</span></span><span style="display:flex;"><span>0
</span></span><span style="display:flex;"><span>podman start -a davegallant.github.io_hello_world_1
</span></span><span style="display:flex;"><span>Hello world
</span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<pre><code class="language-sh">pip3 install --user podman-compose
</code></pre>
<p>Now let&rsquo;s create a <code>docker-compose.yml</code> file to test:</p>
<pre><code class="language-sh">cat &lt;&lt; EOF &gt;&gt; docker-compose.yml
version: '2'
services:
hello_world:
image: ubuntu
command: [/bin/echo, 'Hello world']
EOF
</code></pre>
<p>Now run:</p>
<pre><code class="language-console">$ podman-compose up
podman pod create --name=davegallant.github.io --share net
40d61dc6e95216c07d2b21cea6dcb30205bfcaf1260501fe652f05bddf7e595e
0
podman create --name=davegallant.github.io_hello_world_1 --pod=davegallant.github.io -l io.podman.compose.config-hash=123 -l io.podman.compose.project=davegallant.github.io -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=hello_world --add-host hello_world:127.0.0.1 --add-host davegallant.github.io_hello_world_1:127.0.0.1 ubuntu /bin/echo Hello world
Resolved &quot;ubuntu&quot; as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
Copying blob sha256:f3ef4ff62e0da0ef761ec1c8a578f3035bef51043e53ae1b13a20b3e03726d17
Copying config sha256:597ce1600cf4ac5f449b66e75e840657bb53864434d6bd82f00b172544c32ee2
Writing manifest to image destination
Storing signatures
1a68b2fed3fdf2037b7aef16d770f22929eec1d799219ce30541df7876918576
0
podman start -a davegallant.github.io_hello_world_1
Hello world
</code></pre>
<p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p>
<h3 id="summary">Summary<a href="#summary" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p>
<p>One caveat to mention is that there isn&rsquo;t an official graphical user interface for Podman, but there is an <a href="https://github.com/containers/podman/issues/11494">open issue</a> considering one. If you rely heavily on Docker Desktop&rsquo;s UI, you may not be as interested in using podman yet.</p>

98
public/blog/2021/11/14/running-k3s-in-lxc-on-proxmox/index.html
View File

@@ -106,16 +106,18 @@
<p>This <a href="https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185">gist</a> contains snippets and discussion on how to deploy K3s in LXC on Proxmox. It mentions that <code>bridge-nf-call-iptables</code> should be loaded, but I did not understand the benefit of doing this.</p>
<h2 id="disable-swap">Disable swap<a href="#disable-swap" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>There is an issue on Kubernetes regarding swap <a href="https://github.com/kubernetes/kubernetes/issues/53533">here</a>. There claims to be support for swap in 1.22, but for now let&rsquo;s disable it:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sysctl vm.swappiness=0
</span></span><span style="display:flex;"><span>swapoff -a
</span></span></code></pre></div><p>It might be worth experimenting with swap enabled in the future to see how that might affect performance.</p>
<pre><code>sysctl vm.swappiness=0
swapoff -a
</code></pre>
<p>It might be worth experimenting with swap enabled in the future to see how that might affect performance.</p>
<h3 id="enable-ip-forwarding">Enable IP Forwarding<a href="#enable-ip-forwarding" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>To avoid IP Forwarding issues with Traefik, run the following on the host:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo sysctl net.ipv4.ip_forward<span style="color:#f92672">=</span><span style="color:#ae81ff">1</span>
</span></span><span style="display:flex;"><span>sudo sysctl net.ipv6.conf.all.forwarding<span style="color:#f92672">=</span><span style="color:#ae81ff">1</span>
</span></span><span style="display:flex;"><span>sudo sed -i <span style="color:#e6db74">&#39;s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g&#39;</span> /etc/sysctl.conf
</span></span><span style="display:flex;"><span>sudo sed -i <span style="color:#e6db74">&#39;s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g&#39;</span> /etc/sysctl.conf
</span></span></code></pre></div><h2 id="create-lxc-container">Create LXC container<a href="#create-lxc-container" class="hanchor" ariaLabel="Anchor">#</a></h2>
<pre><code class="language-sh">sudo sysctl net.ipv4.ip_forward=1
sudo sysctl net.ipv6.conf.all.forwarding=1
sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sudo sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
</code></pre>
<h2 id="create-lxc-container">Create LXC container<a href="#create-lxc-container" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Create an LXC container in the Proxmox interface as you normally would. Remember to:</p>
<ul>
<li>Uncheck <code>unprivileged container</code></li>
@@ -126,11 +128,12 @@
<h3 id="modify-container-config">Modify container config<a href="#modify-container-config" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>Now back on the host run <code>pct list</code> to determine what VMID it was given.</p>
<p>Open <code>/etc/pve/lxc/$VMID.conf</code> and append:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>lxc.apparmor.profile: unconfined
</span></span><span style="display:flex;"><span>lxc.cap.drop:
</span></span><span style="display:flex;"><span>lxc.mount.auto: <span style="color:#e6db74">&#34;proc:rw sys:rw&#34;</span>
</span></span><span style="display:flex;"><span>lxc.cgroup2.devices.allow: c 10:200 rwm
</span></span></code></pre></div><p>All of the above configurations are described in the <a href="https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html">manpages</a>.
<pre><code class="language-sh">lxc.apparmor.profile: unconfined
lxc.cap.drop:
lxc.mount.auto: &quot;proc:rw sys:rw&quot;
lxc.cgroup2.devices.allow: c 10:200 rwm
</code></pre>
<p>All of the above configurations are described in the <a href="https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html">manpages</a>.
Notice that <code>cgroup2</code> is used since Proxmox VE 7.0 has switched to a <a href="https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_cgroup">pure cgroupv2 environment</a>.</p>
<p>Thankfully cgroup v2 support has been supported in k3s with these contributions:</p>
<ul>
@@ -139,44 +142,47 @@ Notice that <code>cgroup2</code> is used since Proxmox VE 7.0 has switched to a
</ul>
<h2 id="enable-shared-host-mounts">Enable shared host mounts<a href="#enable-shared-host-mounts" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>From within the container, run:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>echo <span style="color:#e6db74">&#39;#!/bin/sh -e
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">ln -s /dev/console /dev/kmsg
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74">mount --make-rshared /&#39;</span> &gt; /etc/rc.local
</span></span><span style="display:flex;"><span>chmod +x /etc/rc.local
</span></span><span style="display:flex;"><span>reboot
</span></span></code></pre></div><h2 id="install-k3s">Install K3s<a href="#install-k3s" class="hanchor" ariaLabel="Anchor">#</a></h2>
<pre><code class="language-sh">echo '#!/bin/sh -e
ln -s /dev/console /dev/kmsg
mount --make-rshared /' &gt; /etc/rc.local
chmod +x /etc/rc.local
reboot
</code></pre>
<h2 id="install-k3s">Install K3s<a href="#install-k3s" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>One of the simplest ways to install K3s on a remote host is to use <a href="https://github.com/alexellis/k3sup">k3sup</a>.
Ensure that you supply a valid <code>CONTAINER_IP</code> and choose the <code>k3s-version</code> you prefer.
As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1.22 for cgroup v2 support. See the published releases <a href="https://github.com/k3s-io/k3s/releases">here</a>.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh-copy-id root@$CONTAINER_IP
</span></span><span style="display:flex;"><span>k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1
</span></span></code></pre></div><p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p>
<pre><code class="language-sh">ssh-copy-id root@$CONTAINER_IP
k3sup install --ip $CONTAINER_IP --user root --k3s-version v1.22.3+k3s1
</code></pre>
<p>If all goes well, you should see a path to the <code>kubeconfig</code> generated. I moved this into <code>~/.kube/config</code> so that kubectl would read this by default.</p>
<h2 id="wrapping-up">Wrapping up<a href="#wrapping-up" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Installing K3s in LXC on Proxmox works with a few tweaks to the default configuration. I later followed the Tekton&rsquo;s <a href="https://tekton.dev/docs/getting-started/">Getting Started</a> guide and was able to deploy it in a few commands.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-console" data-lang="console"><span style="display:flex;"><span>$ kubectl get all --namespace tekton-pipelines
</span></span><span style="display:flex;"><span>NAME READY STATUS RESTARTS AGE
</span></span><span style="display:flex;"><span>pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
</span></span><span style="display:flex;"><span>pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
</span></span><span style="display:flex;"><span>pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
</span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010">
</span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
</span></span><span style="display:flex;"><span>service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
</span></span><span style="display:flex;"><span>service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
</span></span><span style="display:flex;"><span>service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
</span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010">
</span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span>NAME READY UP-TO-DATE AVAILABLE AGE
</span></span><span style="display:flex;"><span>deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
</span></span><span style="display:flex;"><span>deployment.apps/tekton-dashboard 1/1 1 1 11h
</span></span><span style="display:flex;"><span>deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
</span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010">
</span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span>NAME DESIRED CURRENT READY AGE
</span></span><span style="display:flex;"><span>replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
</span></span><span style="display:flex;"><span>replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
</span></span><span style="display:flex;"><span>replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
</span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010">
</span></span></span><span style="display:flex;"><span><span style="color:#960050;background-color:#1e0010"></span>NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
</span></span><span style="display:flex;"><span>horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<pre><code class="language-console">$ kubectl get all --namespace tekton-pipelines
NAME READY STATUS RESTARTS AGE
pod/tekton-pipelines-webhook-8566ff9b6b-6rnh8 1/1 Running 1 (50m ago) 12h
pod/tekton-dashboard-6bf858f977-qt4hr 1/1 Running 1 (50m ago) 11h
pod/tekton-pipelines-controller-69fd7498d8-f57m4 1/1 Running 1 (50m ago) 12h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/tekton-pipelines-controller ClusterIP 10.43.44.245 &lt;none&gt; 9090/TCP,8080/TCP 12h
service/tekton-pipelines-webhook ClusterIP 10.43.183.242 &lt;none&gt; 9090/TCP,8008/TCP,443/TCP,8080/TCP 12h
service/tekton-dashboard ClusterIP 10.43.87.97 &lt;none&gt; 9097/TCP 11h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/tekton-pipelines-webhook 1/1 1 1 12h
deployment.apps/tekton-dashboard 1/1 1 1 11h
deployment.apps/tekton-pipelines-controller 1/1 1 1 12h
NAME DESIRED CURRENT READY AGE
replicaset.apps/tekton-pipelines-webhook-8566ff9b6b 1 1 1 12h
replicaset.apps/tekton-dashboard-6bf858f977 1 1 1 11h
replicaset.apps/tekton-pipelines-controller-69fd7498d8 1 1 1 12h
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
</code></pre>
<p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p>
<p>If I&rsquo;m feeling adventurous, I might experiment with <a href="https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental">K3s rootless</a>.</p></section>
<div class="post-tags">

87
public/blog/2022/12/10/watching-youtube-in-private/index.html
View File

@@ -101,54 +101,55 @@
<section class="body"><p>I recently stumbled upon <a href="https://yewtu.be">yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a href="https://invidious.io/">invidious</a>.</p>
<p><img src="/images/watching-youtube-in-private/computerphile.png" alt="requestly"></p>
<p>This layout is simple, and <strong>JavaScript is not required</strong>.</p>
<p>The layout is simple, and <strong>JavaScript is not required</strong>.</p>
<p>I started using <a href="https://yewtu.be">yewtu.be</a> as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It&rsquo;s also nice to be in control of my search and watch history.</p>
<p>A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed <a href="https://docs.invidious.io/instances/">here</a>, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.</p>
<h3 id="hosting-invidious">Hosting invidious<a href="#hosting-invidious" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>The quickest way to get invidious up is with docker-compose as mentioned in the <a href="https://docs.invidious.io/installation/">docs</a>.</p>
<p>I made a few modifications (such as pinning the container&rsquo;s tag), and ended up with:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">version</span>: <span style="color:#e6db74">&#34;3&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">services</span>:
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">invidious</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">quay.io/invidious/invidious:5160d8bae39dc5cc5d51abee90571a03c08d0f2b</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>:
</span></span><span style="display:flex;"><span> - <span style="color:#e6db74">&#34;0.0.0.0:3000:3000&#34;</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">INVIDIOUS_CONFIG</span>: |<span style="color:#e6db74">
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> db:
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> dbname: invidious
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> user: kemal
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> password: kemal
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> host: invidious-db
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> port: 5432
</span></span></span><span style="display:flex;"><span><span style="color:#e6db74"> check_tables: true</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">healthcheck</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">test</span>: <span style="color:#ae81ff">wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">interval</span>: <span style="color:#ae81ff">30s</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">timeout</span>: <span style="color:#ae81ff">5s</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">retries</span>: <span style="color:#ae81ff">2</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">depends_on</span>:
</span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">invidious-db</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">invidious-db</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">image</span>: <span style="color:#ae81ff">docker.io/library/postgres:14</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">restart</span>: <span style="color:#ae81ff">unless-stopped</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">volumes</span>:
</span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">postgresdata:/var/lib/postgresql/data</span>
</span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">./config/sql:/config/sql</span>
</span></span><span style="display:flex;"><span> - <span style="color:#ae81ff">./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">environment</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">POSTGRES_DB</span>: <span style="color:#ae81ff">invidious</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">POSTGRES_USER</span>: <span style="color:#ae81ff">kemal</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">POSTGRES_PASSWORD</span>: <span style="color:#ae81ff">kemal</span>
</span></span><span style="display:flex;"><span> <span style="color:#f92672">healthcheck</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">test</span>: [<span style="color:#e6db74">&#34;CMD-SHELL&#34;</span>, <span style="color:#e6db74">&#34;pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB&#34;</span>]
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">volumes</span>:
</span></span><span style="display:flex;"><span> <span style="color:#f92672">postgresdata</span>:
</span></span></code></pre></div><p>After invidious was up and running, I installed <a href="https://tailscale.com/">Tailscale</a> on it to leverage its MagicDNS, and I&rsquo;m now able to access this instance from anywhere at <a href="http://invidious:3000/feed/subscriptions">http://invidious:3000/feed/subscriptions</a>.</p>
<pre><code class="language-yaml">version: &quot;3&quot;
services:
invidious:
image: quay.io/invidious/invidious:5160d8bae39dc5cc5d51abee90571a03c08d0f2b
restart: unless-stopped
ports:
- &quot;0.0.0.0:3000:3000&quot;
environment:
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemal
host: invidious-db
port: 5432
check_tables: true
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
depends_on:
- invidious-db
invidious-db:
image: docker.io/library/postgres:14
restart: unless-stopped
volumes:
- postgresdata:/var/lib/postgresql/data
- ./config/sql:/config/sql
- ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemal
healthcheck:
test: [&quot;CMD-SHELL&quot;, &quot;pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB&quot;]
volumes:
postgresdata:
</code></pre>
<p>After invidious was up and running, I installed <a href="https://tailscale.com/">Tailscale</a> on it to leverage its MagicDNS, and I&rsquo;m now able to access this instance from anywhere at <a href="http://invidious:3000/feed/subscriptions">http://invidious:3000/feed/subscriptions</a>.</p>
<h3 id="redirecting-youtube-links">Redirecting YouTube links<a href="#redirecting-youtube-links" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.</p>
<p>I went looking for a way to redirect paths at the browser level. I found the lightweight proxy <a href="https://requestly.io/">requestly</a>, which can be used to modify http requests in my browser. I created the following rules:</p>